Trojans Lurking In Fake Video Postings On YouTube

In the past week, two fake video postings have been set up on YouTube to infect users with a Trojan that includes pop-up porn ads, Secure Computing warns.

Malware authors have a new trick up their sleeves that targets the YouTube nation.

Within the past week, cybercriminals have hidden Trojan horses in fake video postings on the wildly popular YouTube site, according to Paul Henry, vice president of technologies with Secure Computing. While YouTube techies were quick to pull down both postings, Henry said in an interview Wednesday that the two incidents could sound the bell for a new means of attack.

"The user base for YouTube is absolutely huge," he said. "If I was going to do something malicious, I would choose YouTube, Google or Yahoo. The thing, though, is people at YouTube are very diligent about manually scanning through newly installed content. I think they do a fair job of weeding out the inappropriate or malicious stuff. The bad guy only has a small window of opportunity on YouTube to hit the world."

Henry said that when users tried to view the fake video posting, they were infected with the zlob Trojan, which then begin spitting out pop-ups ads for pornographic sites onto the infected computer. As bad as that may be for users, Henry said his concern is that it's simply a prelude to the Trojans downloading other pieces of malware, like keyloggers. It also would be an easy way to turn infected computers into bots and then have them join the growing wave of botnets that are plaguing the Internet with spam and denial-of-service attacks.

Another concern is that users don't expect to fend off malware attacks when they're cruising around YouTube, which is a user content driven online video site. And that's part of the cybercriminals' plan, noted Henry. In recent months, malware infected e-mail has been on the decline, while malicious Web sites have been on the rise.